Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-5399

Allow CTS to be implemented as an independent service similar to the IdRepo


    • Type: New Feature
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 12.0.0
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Support Ticket IDs:


      The CTS should be implemented as an independent service similar to the IdRepo. Every time we create a new realm, we have an option to instantiate new IDRepo and provide connection parameter to it. Similarly we should be able to create new CTS and attach it to one or more realms.

      Now there could be a Global CTS or one could create separate instances of the CTS to meet their respective goals. Imagine a multi-tenant solution where we dont want to intermingle the OAuth tokens for two different realms. We can simply create two CTS service instance in two realms and tune it to our needs.

      Further, having separation of concern from get go would allow the developers to craft solution that caters to their specific needs. For example, if I want to scale up the OAuth side of the persistence layer, independent of the session storage, I should be able to do so with having independent CTS.

      The current CTS architecture forces OpenAM administrators to keep all type of tokens in same store. i.e. Either embedded or external LDAP. We would like an ability to keep session tokens separate from the OAuth tokens.


          Issue Links



              • Assignee:
                sfraser Sam Fraser
              • Votes:
                1 Vote for this issue
                2 Start watching this issue


                • Created: